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CLAIMS 
We claim: 

1 . A method for securing a computer system, characterised by: 

a) Augmenting selected memory items by Memory Item Headers (MIH) 

b) Replacing traditional pointers to the selected memory items by Pointers to 
Intermediary Pointer Objects (PIPOs) 

c) Validating references made to the memory items through the PIPOs at mn-time 

2. A method in accordance with claim 1, wherein said selected memory items can include 
functions, arrays, objects, fundamentals and other program constructs that can be 
referenced through a traditional pointer 

3. A method in accordance with claims 1 and 2, wherein the Memory Item Headers (MIH) 
include information about the original memory item; said information to include at least 
the length of the original memory item or a biased version thereof and optionally 
additional information including: 

a) Type information 

b) Access rights 

c) Reference counts 

d) Object IDs 

4. A method in accordance with any of the previous claims, wherein the Pointers to 
Intermediary Pointer Objects hold a reference to a newly disclosed Intermediary Pointer 
Object (IPO); said Intermediary Pointer Object having at least two parts: 

a) A reference to a memory item's header (MIH) 

b) An offset to a location in the memory item 

5. A method according to claim 4 wherein said offset is with regard to the start of the 
original memory item or the start of its MIH 

6. A method according to any of the previous claims wherein said Pointers to Intermediary 
Pointer Objects assume an IPO offset of zero and reference a MIH direcdy 
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7. A method according to any of the previous claims wherein said references have the same 
form as traditional pointers 

8. A method according to any of the previous claims wherein said validating is characterised 
by checking that attempts to reference a memory item through a PIPO are consistent 
with the information held in the corresponding MIH and IPO 

9. A method according to claim 8 wherein said consistency checking can include any of: 

a) Bounds checking 

b) Type checking 

c) Access checking 

d) Reference count checking 

10. A method according to claim 9 wherein said bounds checking is further characterised by 
lower and upper bounds checking that may be applied together or independently 

1 1 . A method according to any of the previous claims wherein said validating is performed 
by instrumentation implemented in either: 

a) Software or 

b) Hardware 

12. A method according to claim 11 wherein, said hardware instrumentation is implemented 
in the CPU of a computer system as new instructions or in modifications to the 
microcode for existing instructions 

13. A method in accordance with any of the previous claims wherein run-time PIPOs are 
distinguished from traditional pointers by: registers reserved for PIPOs, memory areas 
reserved for IPOs, tags, maps, new CPU instructions or new address modes 

14. A method according to any of the previous claims implemented as modifications to a 
compilation process, run-time libraries, functions, in-line macros, system calls, source 
translation or other means 

15. A method or apparatus substantially as described herein 



16. Apparatus configured or adapted to perform any one of the methods of the previous 
claims 



